Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Configure the Access Manager Servers to Access the Directory Server Load Balancer

  1. Go to the Access Manager URL.

    http://AccessManager-1.example.com:1080/amserver/console

  2. Log in to the Access Manager console using the following information:

    Username

    amadmin

    Password

    4m4dmin1

  3. Click the Configuration tab.

  4. Under Authentication, edit the following service configurations to reflect the LDAP server name and port number LoadBalancer-1.example.com:1389.

    Under Authentication, for the following services, change the Primary LDAP server name and port to the load-balancer name and port. In this example, the new name is LoadBalancer-1.example.com:389.

    1. Under Authentication, click LDAP.

      In the Primary LDAP Server list, add LoadBalancer-1.example.com:389 and delete the default server from the list. Click Save, and then return to the Configuration tab.

    2. Under Authentication, click Membership.

      In the Primary LDAP Server list, add LoadBalancer-1.example.com:389 and delete the default server from the list. Click Save, and then return to the Configuration tab.

    3. Under Authentication, click MSISDN.

      In the Primary LDAP Server list, add LoadBalancer-1.example.com:389 and delete the default server from the list. Click Save, and then return to the Configuration tab.

    4. Under Global Properties, click Policy Configuration.

      In the Primary LDAP Server list, add LoadBalancer-1.example.com:389 and delete the default server from the list. Click Save, and then return to the Configuration tab.

  5. Edit the following property files on AccessManager-1.

    1. Still logged in to the Access Manager server as a root user, use an editor to modify the file /etc/opt/SUNWam/config/serverconfig.xml.

      Change the LDAP server host name and port number to the fully-qualified name and port number for Load Balancer 1. Example:

      <iPlanetDataAccessLayer>
          <ServerGroup name="default" minConnPool="1" maxConnPool="10">
              <Server name="Server1"
                      host="LoadBalancer-1.example.com" port="389"
                      type="SIMPLE"/>
      ...

    2. Use an editor to modify the file /etc/opt/SUNWam/config/AMConfig.properties.

      Set the following properties:

      • com.iplanet.am.directory.port=389

      • com.iplanet.am.directory.host=LoadBalancer-1.example.com

      • com.sun.am.event.connection.idle.timeout=3

    The connection idle timeout value is set to 3 minutes. This value is less than the Firewall 3-to-Load Balancer 1 connection timeout, which is 5 minutes in this example. With the value set to 3 minutes, the Access Manager server assumes that its persistent search connections may be silently dropped on the Firewall 3-to-Load Balancer 1 path, and it re-establishes the persistent search connections every 3 minutes. Otherwise, the Access Manager server may block forever on the persistent search because it is never made aware that the TCP connection was silently dropped.

  6. Edit the following property files on AccessManager-2.

    1. Still logged in to the Access Manager server as a root user, use an editor to modify the file /etc/opt/SUNWam/config/serverconfig.xml.

      Change the LDAP server host name and port number to the fully-qualified name and port number for Load Balancer 1. Example:

      <iPlanetDataAccessLayer>
          <ServerGroup name="default" minConnPool="1" maxConnPool="10">
              <Server name="Server1"
                      host="LoadBalancer-1.example.com" port="389"
                      type="SIMPLE"/>
      ...

    2. Use an editor to modify the file /etc/opt/SUNWam/config/AMConfig.properties.

      Set the following properties:

      • com.iplanet.am.directory.port=389

      • com.iplanet.am.directory.host=LoadBalancer-1.example.com

      • com.sun.am.event.connection.idle.timeout=3

  7. Restart both Access Manager servers for the changes to take effect.
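
The following consistency check for steps 5 and 6 is an added example, not part of the original procedure or of Access Manager itself. It confirms that AMConfig.properties and serverconfig.xml on a node both point at the load balancer and that the idle timeout stays below the firewall timeout. The function names are hypothetical, the sample file contents are constructed from the values shown above, and the firewall timeout is passed in as an assumption (5 minutes in this example).

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the values used in this procedure.
SAMPLE_PROPS = """\
com.iplanet.am.directory.port=389
com.iplanet.am.directory.host=LoadBalancer-1.example.com
com.sun.am.event.connection.idle.timeout=3
"""
SAMPLE_XML = """\
<iPlanetDataAccessLayer>
  <ServerGroup name="default" minConnPool="1" maxConnPool="10">
    <Server name="Server1" host="LoadBalancer-1.example.com" port="389" type="SIMPLE"/>
  </ServerGroup>
</iPlanetDataAccessLayer>
"""

def parse_props(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_config(props_text, xml_text, lb_host, lb_port, firewall_timeout_min):
    """Return a list of findings; an empty list means the node is consistent."""
    findings = []
    props = parse_props(props_text)
    host = props.get("com.iplanet.am.directory.host")
    port = props.get("com.iplanet.am.directory.port")
    if (host, port) != (lb_host, str(lb_port)):
        findings.append(f"AMConfig.properties points at {host}:{port}")
    # Every <Server> entry must reference the load balancer, not a directory host.
    for srv in ET.fromstring(xml_text).iter("Server"):
        if (srv.get("host"), srv.get("port")) != (lb_host, str(lb_port)):
            findings.append(f"serverconfig.xml {srv.get('name')} points at "
                            f"{srv.get('host')}:{srv.get('port')}")
    # The idle timeout (minutes) must be positive and below the firewall timeout.
    idle = props.get("com.sun.am.event.connection.idle.timeout")
    if idle is None or not idle.isdigit() or not 0 < int(idle) < firewall_timeout_min:
        findings.append(f"idle timeout {idle!r} must be a positive number of "
                        f"minutes below the firewall's {firewall_timeout_min}")
    return findings

if __name__ == "__main__":
    print(check_config(SAMPLE_PROPS, SAMPLE_XML, "LoadBalancer-1.example.com", 389, 5))
```

Run it against the real files on both AccessManager-1 and AccessManager-2 before the restart in step 7; any finding means one of the two files was missed or the timeout no longer undercuts the firewall.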